公开(公告)号：US07979721B2

公开(公告)日：2011-07-12

申请号：US11612436

申请日：2006-12-18

Applicant: William J. Westerinen ,  Todd L. Carpenter ,  Alexander Frank ,  Shon Schmidt ,  Stephen Richard Drake ,  David James Foster ,  Tse-Ching James Yu

Inventor： William J. Westerinen ,  Todd L. Carpenter ,  Alexander Frank ,  Shon Schmidt ,  Stephen Richard Drake ,  David James Foster ,  Tse-Ching James Yu

IPC: G06F11/30 ,  G06F17/00 ,  G06F1/00

CPC classification number: H05K1/0275 ,  G06F21/86 ,  H05K1/141 ,  H05K3/3436 ,  H05K2201/049 ,  H05K2201/10545 ,  H05K2201/10674

Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

Abstract translation: 使用计费器的计算机或使用本地安全的其他电子设备可以使用安全模块或其他电路来监视和执行使用策略。 为了防止对安全模块或安全模块附近的电路板的物理攻击，可以在安全模块上安装第二电路，以帮助防止访问安全模块。 两个电路可以安装在插入器上，并且插入器安装到电路板，产生包括第一电路，插入器，安全模块和主PC板的堆叠。 当PC板在安全模块下面包含密集的信号迹线时，将在安全模块周围创建三维信封。 当第一个电路是诸如北桥的高价值电路时，攻击安全模块的风险/报酬大大增加，并且可能阻止除了最确定的黑客之外的所有电路。

公开(公告)号：US06202097B1

公开(公告)日：2001-03-13

申请号：US08373052

申请日：1995-01-17

Applicant: David James Foster ,  Armando Garcia ,  Robert Bernard Pearson

Inventor： David James Foster ,  Armando Garcia ,  Robert Bernard Pearson

IPC: G06F15173

CPC classification number: G06F11/2242 ,  G06F11/2294 ,  G06F11/2736

Abstract: Apparatus and method for use in a multiprocessor system (10) having a plurality of processing nodes (P0-P3) each of which includes a local data processor (22a, 28a). The apparatus includes an interface (42) to a controller (14), the interface including a register (48) for storing a function received from the controller, such as a diagnostic function. The interface further includes circuitry (50) for providing the diagnostic function as a packet to an input terminal of a bit serial communication bus (40). The communication bus is threaded through each of the plurality of processing nodes and has an output terminal that terminates at the interface. Each of the nodes includes a register (54) for receiving the packet and, responsive to information conveyed thereby, for halting the local data processor and for controlling the operation of local data processor control signal lines, data signal lines, and address signal lines so as to execute the diagnostic function, such as reading data from or writing data to a specified location. The local data processor may also be reset, rebooted, restarted from a halted condition, or interrupted.

Abstract translation: 在具有多个处理节点（P0-P3）的多处理器系统（10）中使用的装置和方法，每个处理节点包括本地数据处理器（22a，28a）。 该装置包括到控制器（14）的接口（42），该接口包括用于存储从控制器接收的功能（诸如诊断功能）的寄存器（48）。 接口还包括用于将诊断功能作为分组提供给比特串行通信总线（40）的输入端的电路（50）。 通信总线穿过多个处理节点中的每一个并且具有在该接口处终止的输出终端。 每个节点包括用于接收分组的寄存器（54），并响应于此所传送的信息，用于暂停本地数据处理器并用于控制本地数据处理器控制信号线，数据信号线和地址信号线的操作 执行诊断功能，例如从指定位置读取数据或将数据写入指定位置。 本地数据处理器也可能被重置，重新启动，从停止状态重新启动或中断。

公开(公告)号：US08151118B2

公开(公告)日：2012-04-03

申请号：US11668446

申请日：2007-01-29

Applicant: David James Foster ,  Shon Schmidt ,  David Jaroslav Sebesta ,  Curt Andrew Steeb ,  William J. Westerinen ,  Zhangwei Xu ,  Todd L. Carpenter

Inventor： David James Foster ,  Shon Schmidt ,  David Jaroslav Sebesta ,  Curt Andrew Steeb ,  William J. Westerinen ,  Zhangwei Xu ,  Todd L. Carpenter

IPC: H04L29/06

CPC classification number: G06F21/85 ,  G06F21/72

Abstract: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.

Abstract translation: 需要其组件的物理完整性的计算机或其他电子设备，例如，每次使用付费的计算机可以使用与多个从属安全设备（称为安全性bean）通信的主安全设备。 每个安全bean可以被给予用于认证与主安全设备的通信的加密密钥或密钥。 每个安全bean可以耦合到相关联的组件，并且可以具有禁用该关联组件的能力。 在一个实施例中，安全性bean具有模拟开关，其可被配置为阻止或衰减由相关联的组件使用的关键信号。 安全bean可以在禁用模式下启动，并响应来自主安全设备的已验证信号以启用其相应的组件。

公开(公告)号：US20080319910A1

公开(公告)日：2008-12-25

申请号：US11766613

申请日：2007-06-21

Applicant: James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Todd L. Carpenter ,  Martin H. Hall ,  Ricardo Lopez-Barquilla ,  Judy Tandog ,  Katie Ann Aldrich ,  Daniel Makoski ,  David James Foster ,  Krista L. Johnson

Inventor： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Todd L. Carpenter ,  Martin H. Hall ,  Ricardo Lopez-Barquilla ,  Judy Tandog ,  Katie Ann Aldrich ,  Daniel Makoski ,  David James Foster ,  Krista L. Johnson

IPC: H04L9/00

CPC classification number: G06Q30/06 ,  G06F21/123 ,  G06F2221/0742 ,  G06F2221/0797

Abstract: A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected. The scalable performance level components may include a processor, memory, graphics controller, etc. Software and services may include word processing, email, browsing, database access, etc. To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed. An administrator may use a similar user interface to set performance levels for each computer in a network, allowing performance and cost to be set according to a user's requirements.

Abstract translation: 具有可扩展性能级别组件和可选软件和服务选项的计算机具有允许选择单独性能级别的用户界面。 可扩展的性能级组件可以包括处理器，存储器，图形控制器等。软件和服务可以包括文字处理，电子邮件，浏览，数据库访问等。为了支持按需付费的商业模式，每个可选项目可以具有 与其相关联的成本，允许用户支付实际选择的服务，并且大概对应于正在执行的任务或任务。 管理员可以使用类似的用户界面来设置网络中每台计算机的性能等级，从而允许根据用户要求设置性能和成本。

公开(公告)号：US20080235513A1

公开(公告)日：2008-09-25

申请号：US11687966

申请日：2007-03-19

Applicant: David James Foster ,  Thomas G. Phillips ,  James S. Duffus ,  David Jaroslav Sebesta

Inventor： David James Foster ,  Thomas G. Phillips ,  James S. Duffus ,  David Jaroslav Sebesta

IPC: H04L9/00

CPC classification number: H04L9/0869 ,  G06F21/33 ,  G06F21/445 ,  H04L9/3213 ,  H04L9/3273 ,  H04L63/126 ,  H04L2209/56

Abstract: A trust provider uses established relationships with a client device and a server of an e-commerce merchant or service provider to assure the identity of each to the other. The e-commerce merchant can request an encrypted token from the client. The client may use a trust-provider key to generate the encrypted token. The server then passes the token to the trust provider, who only accepts tokens from known, authenticated entities. The trust provider then verifies the token and returns a response to the server. The response may include a client verification for use by the server and an encrypted server verification that is forwarded by the server to the client. In this fashion, both the server and client may be authenticated without prior knowledge of each other.

Abstract translation: 信任提供者使用与客户端设备和电子商务商家或服务提供商的服务器建立的关系来确保每个对方的身份。 电子商务商可以从客户端请求加密的令牌。 客户端可以使用信任提供者密钥来生成加密的令牌。 然后，服务器将令牌传递给信任提供者，信任提供者只接受来自已知的身份验证实体的令牌。 然后，信任提供者验证令牌并向服务器返回响应。 响应可能包括客户端验证供服务器使用，以及由服务器转发给客户端的加密服务器验证。 以这种方式，服务器和客户端可以在没有彼此之前的知识的情况下被认证。

公开(公告)号：US20100037325A1

公开(公告)日：2010-02-11

申请号：US11612436

申请日：2006-12-18

Applicant: William J. Westerinen ,  Todd L. Carpenter ,  Alexander Frank ,  Shon Schmidt ,  Stephen Richard Drake ,  David James Foster ,  Tse-Ching James Yu

Inventor： William J. Westerinen ,  Todd L. Carpenter ,  Alexander Frank ,  Shon Schmidt ,  Stephen Richard Drake ,  David James Foster ,  Tse-Ching James Yu

IPC: G06F21/02

CPC classification number: H05K1/0275 ,  G06F21/86 ,  H05K1/141 ,  H05K3/3436 ,  H05K2201/049 ,  H05K2201/10545 ,  H05K2201/10674

Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

Abstract translation: 使用计费器的计算机或使用本地安全的其他电子设备可以使用安全模块或其他电路来监视和执行使用策略。 为了防止对安全模块或安全模块附近的电路板的物理攻击，可以在安全模块上安装第二电路，以帮助防止访问安全模块。 两个电路可以安装在插入器上，并且插入器安装到电路板，产生包括第一电路，插入器，安全模块和主PC板的堆叠。 当PC板在安全模块下面包含密集的信号迹线时，将在安全模块周围创建三维信封。 当第一个电路是诸如北桥的高价值电路时，攻击安全模块的风险/报酬大大增加，并且可能阻止除了最确定的黑客之外的所有电路。

公开(公告)号：US20090287917A1

公开(公告)日：2009-11-19

申请号：US12122747

申请日：2008-05-19

Applicant: Todd Carpenter ,  David Abzarian ,  Mark Myers ,  David James Foster ,  Teddy Liu ,  Ethan Toon Wu Ang ,  Suzie Mitchell

Inventor： Todd Carpenter ,  David Abzarian ,  Mark Myers ,  David James Foster ,  Teddy Liu ,  Ethan Toon Wu Ang ,  Suzie Mitchell

IPC: G06F9/445 ,  H04L9/32 ,  G06F9/24

CPC classification number: G06F21/10

Abstract: To protect against software piracy, a storage media has a cryptographically protected area that stores software to be installed onto a target device, such as a computer. The storage media may include a non-secure area holding boot files and an installation program. The installation program may gather target device-specific data for use by a certifying authority in generating a key that allows access to the secure area of the storage media only during the installation process. In this manner, a user never has access to the raw installation files, limiting the ability to copy and distribute those files for installation on non-authorized computers. The certifying authority may also prepare target device-specific data applied to the software before installation to create a custom software image that will only execute on the target device and that can be verified by the host OS prior to execution, allowing integrity confirmation.

Abstract translation: 为了防止软件盗版，存储介质具有密码保护区域，其存储要安装到诸如计算机的目标设备上的软件。 存储介质可以包括保持引导文件的非安全区域和安装程序。 安装程序可能会收集目标设备特定的数据，供认证机构使用，以生成只允许在安装过程中访问存储介质的安全区域的密钥。 以这种方式，用户从未访问原始安装文件，限制了复制和分发这些文件以在非授权计算机上进行安装的能力。 认证机构还可以在安装之前准备应用于软件的目标设备专用数据，以创建仅在目标设备上执行的定制软件映像，并且可以在执行之前由主机OS进行验证，从而允许完整性确认。

公开(公告)号：US20080183305A1

公开(公告)日：2008-07-31

申请号：US11668446

申请日：2007-01-29

Applicant: David James Foster ,  Shon Schmidt ,  David Jaroslav Sebesta ,  Curt Andrew Steeb ,  William J. Westerinen ,  Zhangwei Xu ,  Todd L. Carpenter

Inventor： David James Foster ,  Shon Schmidt ,  David Jaroslav Sebesta ,  Curt Andrew Steeb ,  William J. Westerinen ,  Zhangwei Xu ,  Todd L. Carpenter

IPC: G05B19/02

CPC classification number: G06F21/85 ,  G06F21/72

Abstract: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.

Abstract translation: 需要其组件的物理完整性的计算机或其他电子设备，例如，每次使用付费的计算机可以使用与多个从属安全设备（称为安全性bean）通信的主安全设备。 每个安全bean可以被给予用于认证与主安全设备的通信的加密密钥或密钥。 每个安全bean可以耦合到相关联的组件，并且可以具有禁用该关联组件的能力。 在一个实施例中，安全性bean具有模拟开关，其可被配置为阻止或衰减由相关联的组件使用的关键信号。 安全bean可以在禁用模式下启动，并响应来自主安全设备的已验证信号以启用其相应的组件。

公开(公告)号：US20090094455A1

公开(公告)日：2009-04-09

申请号：US11869072

申请日：2007-10-09

Applicant: Shon Schmidt ,  Todd L. Carpenter ,  David James Foster ,  Harjit Singh

Inventor： Shon Schmidt ,  Todd L. Carpenter ,  David James Foster ,  Harjit Singh

IPC: H04L9/00 ,  G06Q20/00

CPC classification number: G06Q40/12 ,  G06F21/725 ,  H04L9/3234 ,  H04L2209/56

Abstract: A computer or other electronic device may use a security module to securely control a system or processor clock to set a predetermined performance level. In an exemplary embodiment, the performance level may be high, medium, or low, supporting a range of application performance requirements. Changes to the performance level may be authorized by a third party presenting cryptographic rights to alter the performance level. Alternatively, postpaid ro pre-paid value may be accumulated at a rate corresponding to the predetermined performance level set by the security module.

Abstract translation: 计算机或其他电子设备可以使用安全模块来安全地控制系统或处理器时钟来设置预定的性能水平。 在示例性实施例中，性能水平可以是高的，中等的或低的，支持一系列应用性能要求。 性能级别的更改可能由提供更改性能级别的加密权限的第三方授权。 或者，可以以与安全模块设定的预定性能等级对应的速率累积后付费预付费值。

公开(公告)号：US20080184026A1

公开(公告)日：2008-07-31

申请号：US11668442

申请日：2007-01-29

Applicant: Martin H. Hall ,  Zhangwei Xu ,  Jeffrey Alan Herold ,  Curt Andrew Steeb ,  Rajagopal Venkatachalam ,  Douglas Reed Beck ,  David James Foster

Inventor： Martin H. Hall ,  Zhangwei Xu ,  Jeffrey Alan Herold ,  Curt Andrew Steeb ,  Rajagopal Venkatachalam ,  Douglas Reed Beck ,  David James Foster

IPC: G06F9/00

CPC classification number: G06F21/10 ,  G06F2221/2135

Abstract: A metered-use computer is operable in a number of states or modes to accommodate manufacture, test, operation and end-of-life. During manufacturing, a security module may be set to a non-metered mode, where no measurements are taken. At the end of the manufacturing process, the security module may be set to an active mode where metering and measurement of the computer are enforced. When terms of a purchase contract or other user agreement are satisfied, the computer may be set to a non-enforcement state where all metering and metering-related security are disabled. A one-time reset of the active mode is supported to allow end-of-line quality assurance testing.

Abstract translation: 计量计算机可在多种状态或模式中操作，以适应制造，测试，操作和使用寿命。 在制造期间，可以将安全模块设置为非测量模式，其中不进行测量。 在制造过程结束时，安全模块可以被设置为其中强制执行计算机的计量和测量的主动模式。 当满足购买合同或其他用户协议的条款时，计算机可能被设置为禁用所有计量和计量相关安全性的非执法状态。 支持主动模式的一次性重置，以允许线路质量保证测试。